Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

Culture includes both the artist and their audience

  What does the word “culture” mean to you? When I think of culture I think of it as something that encompasses an entire society of people, not just a subset; so a security culture should consist of everyone within the scope of a security domain – whether that’s an organisation, group, location or other defined range. That said, your…

How do you define your goals?

Know your goal Your security culture program success is a direct result of your direction and your goals. How do you define your goals? With the SCF module Metrics, you set goals, define your baseline and decide how to measure security culture in your organization/program. Read more on the Metrics module:

What can you change today?

Be holistic! Use Policies, Competence and Technology together to change security behaviors: What can you change today? The Topics module is used to determine which topics to train in order to reach your targets. There are a large numbers of different topics to train to succesfully create security culture, from technical areas, via passwords, policies and legalities, to how to discover…

What are your goals?

Measure your success: Define clear goals using the SMART makes it easy to know if you fail or succeed. What are your goals? With the SCF module Metrics, you set goals, define your baseline and decide how to measure security culture in your organization/program. Read more on the Metrics module:

How Culture Impacts Negotiations

Security culture is not only about avoiding phishing, or setting strong passwords. Security culture also includes communication with others, and when communicating, we often find ourselves in a negotiation. Have you ever failed utterly at a negotiation, and later considered that perhaps differences in cultures was at play?

In this HBR video, you can learn how different cultures impacts how we negotiate, what is acceptable social behavior during negotiation, and how trust is built.

Should you prefer to, you may read the HBR article too, it is in-depth with nice examples.

How do you see culture creates barriers for security culture in your organisation? How can you use your new knowledge of culture and trust to break down those barriers?

Photo Credit.

Why you should invest in security culture

Security investments is often seen as buying either hardware or software to protect our assets, both physical and logical, often this is not enough to ensure that we achieve the security levels we seek. The missing part of the investments is often in building knowledge, culture and understanding. If we provide people with valuable assets, such as information, we must…

Metrics, a technical drill down

We all see that the goal is one of the most important parts in a journey, but without a clear understanding on where we are at the moment it is hard to know how long the journey will take and even in what direction the journey should start. In the security culture framework we do take care of ensuring that…

The art of a good password – what is it, really?

Myp0ppy vs. UX*7(æ#6VbuiRomeo_and-Juliet8loVe4Ø&% You may wonder whether the blog author has lost his mind using a subtitle as the one above. Is he writing a piece about a battle of intergalactic entities, or if the topic is about a fight between a dog and a machine? Way off (one may of course argue the former)! My topic this time is about passwords and password…

The Security Culture Conference 2016 Call for Presentations

  The Security Culture Conference is the globally leading conference on security culture. The organizers are the community behind the Security Culture Framework, who use the conference to spread information about how to build and maintain security culture. In 2015, participants from USA, Asia and Europe met to learn and discuss the various topics of security culture. You may read…